Apple patches Safari arbitrary code execution vulnerabilities
Posted on 15 August 2014.
Apple released new versions of its Safari browser, 6.1.6 and 7.0.6, which fix multiple memory corruption problems in WebKit.


Out of the seven distinct CVE-IDs, five of the bugs were found in-house and the other two are credited to an anonymous researcher and the Google Chrome Security Team.

By setting up a web site hosting malicious code, an attacker could cause arbitrary code execution or a denial of service (memory corruption and application crash) on the client's computer.

List of the related CVE-IDs:
  • CVE-2014-1384
  • CVE-2014-1385
  • CVE-2014-1386
  • CVE-2014-1387
  • CVE-2014-1388
  • CVE-2014-1389
  • CVE-2014-1390



Author: Berislav Kucan, Director of Operations at Help Net Security.




